CVE-2025-42985

Due to insufficient sanitization in the SAP BusinessObjects Content Administrator Workbench, attackers could craft malicious URLs and execute scripts in a victim�s browser. This could potentially lead to the exposure or modification of web client data, resulting in low impact on confidentiality and integrity, with no impact on application availability.

CVSS v3 6.1 MEDIUM

6.1^/10

CVSS v3 : MEDIUM

V3 Legend

Vector :

Exploitability : 2.8 / Impact : 2.7

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction REQUIRED

Confidentiality Impact LOW

Integrity Impact LOW

Availability Impact NONE

Scope CHANGED

References

Link	Resource
https://me.sap.com/notes/3617380
https://url.sap/sapsecuritypatchday

Configurations

No configuration.

History

08 Jul 2025, 16:18

Type	Values Removed	Values Added
Summary		(es) Debido a la desinfección insuficiente de SAP BusinessObjects Content Administrator Workbench, los atacantes podrían manipular URL maliciosas y ejecutar scripts en el navegador de la víctima. Esto podría provocar la exposición o modificación de los datos del cliente web, con un impacto mínimo en la confidencialidad e integridad, sin afectar la disponibilidad de la aplicación.

08 Jul 2025, 01:15

Type	Values Removed	Values Added
New CVE

Information

Published : 2025-07-08 01:15

Updated : 2025-07-08 16:18

NVD link : CVE-2025-42985

Mitre link : CVE-2025-42985

CVE.ORG link : CVE-2025-42985

JSON object : View

Products Affected

No product.

CWE

CWE-601

URL Redirection to Untrusted Site ('Open Redirect')

6.1 /10